Yahoo Finance

npm, Inc. Raises $8 Million Series A and Launches npm Private Modules to Accelerate Module-Driven Development

OAKLAND, CA--(Marketwired - Apr 14, 2015) - npm, Inc., the most widely used package manager for JavaScript, announced today that it has raised $8 million for a series A round of funding. The series ...
InfoWorld

How one yanked JavaScript package wreaked havoc

When a developer 'unpublished' his work from the NPM JavaScript package registry, it broke dependencies for many other projects -- and highlighted the fragility of the open source ecosystem Developers ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
IT News For Australia Business

'Protestware' npm package dependency labelled supply-chain attack

Russia's invasion of Ukraine has spilt over into developer-space, with a well-known npm maintainer adding "protestware" as a dependency to a very popular package. Security vendor Snyk is tracking what ...
Ars Technica

Best nodejs REPL replacement module?

I've been slowly teaching myself nodejs and have gotten to the point where I've noticed some problems with the default REPL. Thing is, searching 'repl' on npmjs.com, returns 883 results. Googling for ...
Dark Reading

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. After further investigation, analysts with ...